Hacker News new | past | comments | ask | show | jobs | submit login

There’s two things about iOS that bothers me, privacy wise:

- Apple still makes money off of ads, creating a conflict of interest. By default, users have a unique tracking/advertising ID attached to their phone.

- iOS is extremely restrictive, making certain privacy adjustments impossible.






"By default, users have a unique tracking/advertising ID attached to their phone."

Google has the same thing, and with apple if you care you can opt out.

"When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking."

So this is a positive in apple's case over google privacy wise, not a negative against google.

"- iOS is extremely restrictive, making certain privacy adjustments impossible."

Generally you can't get unremovable malaware installed on an iphone you buy from apple. If this type of privacy restriction makes you choose android privacy invading phones - go for android. Many people like the locked down Apple setup.


> Generally you can't get unremovable malaware installed on an iphone.

Apple uses FUD to justify restricting users from doing what they want with their phone.

> If this type of privacy restriction makes you choose android privacy invading phones - go for android.

This is not what I’m talking about. I want to be able to use tools such as NetGuard to enhance privacy, which iOS doesn’t allow.


"FUD" isn't so uncertain when there is known widespread android malware. iOS malware only happens in extreme cases (like ransomware via a bad profile https://i.blackhat.com/briefings/asia/2018/asia-18-Zhu-and-L... ), via something like XcodeGhost, or via safari tech support scams. Just look at how stark of contrast there is between the lists of malware for both devices - https://www.cyber.nj.gov/threat-profiles/android-malware-var... and https://www.cyber.nj.gov/threat-profiles/ios/#list-of-known-....

Have you read what types of malware is on the list? "Download and install this app from sketchy place" kind of thing...

My partner has downloaded malware from the play store.

or is the play store sketchy? Where is the official repository of safe applications?


> you can't get unremovable malaware installed on an iphone you buy from apple.

This is simply not true. iOS also allows "supervisor" apps (see MDM) that are extremely difficult to remove later, perhaps even more difficult than android.

I know because I used to work at company that did a kids protection app.


Apple cracked down on those recently, and has added support for MDM with a lighter touch in recent versions of iOS.

Marketing spin, these apps are still in the appstore right now.

> Google has the same thing, and with apple if you care you can opt out.

I'm not on Android any more, but (afair) you could reset the advertising ID, which in practice is not that different from only being able to disable it temporarily.


Yes, but the ease of use and prominence of the feature make a difference. If I have to manually reset the ID, well, forget it. If the operating system automatically does it for me - then that is far superior.

Oh, yes. That’s what I meant and tried to express, poorly.

The UX makes a huge difference here, a feature is available in theory, but realistically speaking, inaccessible and annoying to the point of uselessness.


The phone id is only one way you are tracked.

You are being tracked in multiple places, at the ISP level, at the geo level, cookie and account level, and I don't know where else.

Being able to reset your phone ID is insufficient given all the other ways you can be tracked.

With Apple, maybe they're the lesser of two evils, but there is still a lot of room they could improve if they really wanted.

The aforementioned iOS restrictions block you from being able to implement all the available privacy tools.

Being able to implement all those privacy controls is a double edged sword. There's a certain amount of security you get from not ever having root access. It depends on your threat model.


Also keep in mind the more control users have to install things like that, the more differentiated each user will become.

This is one of the paradoxes that exist with certain tracking protections that exist today. Eg. Enabling Do Not Track or fingerprint blocking could make you easier to track. Though these are becoming more ubiquitous, and therefore harder to use to track you, as browsers make them the default settings.


> By default, users have a unique tracking/advertising ID attached to their phone.

My understanding is that this tracking ID was a replacement for apps being able to obtain the devices serial number. The tracking ID is unique per developer (edit: not true, it is unique per device, so multiple devs can build a profile on you) and can be reset by the user at any time.


I don’t believe the IDFA is unique per developer (assuming I’m understanding you correctly).

I use analytics in my company’s app and I get my team to send me their IDFA by downloading a free app from the App Store. The IDFA in my analytics is the same IDFA in the 3rd party app.


There is an IDFA (ID for Advertisers) and an IDFV (ID for Vendors).

The IDFV is unique per developer; the IDFA is unique per device.

The device user can reset their IDFA at any time, and if the user disables ad tracking then the device returns 00000000-0000-0000-0000-000000000000.


Yes but in practice, users never do, and when they do a reset, fingerprinting employed by most (all?) ad exchanges can make the association without issue.

AFAIK they make money off of non-tracked ads, eg. app store contextualized ads. The advertising ID only makes them money in the sense that more people might buy due to being able to reset this ID, Apple doesn't directly make money off of this (the ID is a string adtech can use to generate a profile instead of via fingerprinting, there isn't some API adtech has to use to use this unique ID).

Yes. But FWIW, a user can reset their "Advertising Identifier" anytime they want:

    Settings -> Privacy -> Advertising -> Reset Advertising Identifier...
Now if iOS was more hacker friendly, I'd write an app to automate that action and have it run regularly or on a random schedule or something.

> Now if iOS was more hacker friendly, I'd write an app to automate that action and have it run regularly or on a random schedule or something.

Of course you never mentioned Android in your post, but I just want to point out that Android in no way is more hacker-friendly. As soon as you obtain root access half of apps will stop to be feature-complete because Google have SafetyNet and there is no way at all to make your own legit "hacker" apps trusted to use elevated privileges. How is your phone is useful if part of games wont work, streaming wont work, banking apps dont work, etc.

Of course they sell it under sauce of anti-malware and "security", but it's Android have anti-consumer DRM system that make your compromise between useful apps and whatever hacks you wish to apply. So not that much more useful compared to jailbroken iOS.


> there is no way at all to make your own legit "hacker" apps trusted to use elevated privileges

Of course there is. To circumvent this closed apple-esque bullshit you can just install magisk.


My point is that Android as platform don't have this feature and it's vendor only care about interests of carriers, pro-DRM media companies and own ads business.

Magisk is never ending cat and mouse game and at any moment Google can just add some hardware-backed privileged rootkit that not going to be easy to bypass. So it's not always usable for every app out there.


Well yes it's another toxic business, that only cares about profits, news at 11.

The difference is that the good part of the community tries to unlock the platform's true potential instead of chanting "walled garden means safety" and "you don't actually have that use case".

And that part of the community has advanced tremendously. It's in the mindset.


Well, the checkbox right above the UI option you pointed out will zero-out your identifier.

Why not just turn off the tracking identifier?

I suppose part of me hopes that spotty or misleading data disrupts advertising models more than an absence of data. I may be wrong.

Fair enough!



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: